At Wed, 1 Dec 2021 16:56:11 +0800, Yi Sun <yinan81@xxxxxxxxx> wrote in > We want to revoke server certificate, just don't know why doesn't take > affect > https://www.postgresql.org/docs/11/ssl-tcp.html > https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-CRL-FILE Understood. ~/.postgresq/root.crl is required to check server revokation. https://www.postgresql.org/docs/11/libpq-ssl.html > To allow server certificate verification, one or more root > certificates must be placed in the file ~/.postgresql/root.crt in the > user's home directory. (On Microsoft Windows the file is named > %APPDATA%\postgresql\root.crt.) Intermediate certificates should also > be added to the file if they are needed to link the certificate chain > sent by the server to the root certificates stored on the client. > > Certificate Revocation List (CRL) entries are also checked if the file > ~/.postgresql/root.crl exists (%APPDATA%\postgresql\root.crl on > Microsoft Windows). regards. -- Kyotaro Horiguchi NTT Open Source Software Center
